You need the conduit to allow traffic to the outside global IP. Same with
the ACL. Not to the private address. Unless you are NAT'n on the outside
router ( why?) then the static would have to change. Also, your conduit is
wrong in syntax:
conduit permit tcp host <routeable_ip> eq 80 any
Kenny
""Russell Lusignan"" <[EMAIL PROTECTED]> wrote in
message 8muf6l$lbp$[EMAIL PROTECTED]">news:8muf6l$lbp$[EMAIL PROTECTED]...
> Actually the syntax on the conduit is a little off.. should be:
>
> conduit permit tcp <DA> <D Mask> <SA> <S Mask> eq <type>
> conduit permit tcp host 192.168.1.222 any eq www
>
> . although with 5.0 of the PIX IOS, they want you to use Access-lists
> instead of conduit statments.. so your config would look like:
>
> static (inside,outside) a.b.c.d 192.168.1.222 netmask 255.255.255.255 0 0
> static (inside,outside) a.b.c.d 192.168.1.223 netmask 255.255.255.255 0 0
> access-list acl_in permit tcp any host 192.168.1.222 eq www
> access-list acl_in permit tcp any host 192.168.1.223 eq smtp
> access-group acl_in in interface outside
>
> Hope that helps
> Russ..
>
> ""Richard Tran"" <[EMAIL PROTECTED]> wrote in message
> 8mtf4l$vp7$[EMAIL PROTECTED]">news:8mtf4l$vp7$[EMAIL PROTECTED]...
> > We have an ip address(a.b.c.d) registered with an internet domain name.
> This
> > domain is served both as our email and website domain. We have one
> internal
> > web(192.168.1.222) and one internal mail server(192.168.1.223). I have a
> > question about the pix configuration below.
> >
> > static (inside,outside) a.b.c.d 192.168.1.222 netmask 255.255.255.255 0
0
> > static (inside,outside) a.b.c.d 192.168.1.223 netmask 255.255.255.255 0
0
> > conduit permit tcp host a.b.c.d eq www any
> > conduit permit tcp host a.b.c.d eq smtp any
> >
> > Is this the right configuration for the pix to redirect the appropriate
> > traffic to the internal servers?
> >
> > Any response is greatly appreciated.
> >
> >
> >
> > ___________________________________
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > ---
>
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
